Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1163613

Summary: Some access in yum-rhn-plugin ignores proxy settings
Product: Red Hat Enterprise Linux 7 Reporter: Paul Wayper <pwayper>
Component: yum-rhn-pluginAssignee: Jan Dobes <jdobes>
Status: CLOSED DUPLICATE QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: high Docs Contact:
Priority: high    
Version: 7.2CC: cperry, dyordano, jdobes, pgervase
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-05-28 11:07:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1133060, 1205796    

Description Paul Wayper 2014-11-13 06:01:34 UTC 
Description of problem:

Using yum and yum-rhn-plugin, customer sees timeouts doing updates or getting repository lists from satellite.

strace shows connect() call trying to connect directly to Satellite server, which is only allowed to be accessed through a proxy.

yum fails with error:

failed to retrieve repodata/repomd.xml from soe-rhel-x86_64-server-7
error was [Errno 14] curl#7 - "Failed connect to ((satellite)):443; No route to host"

Version-Release number of selected component (if applicable):

yum-rhn-plugin-2.0.1-4.el7.noarch
yum-3.4.3-118.el7.noarch

How reproducible:

Happens every time on customer's systems.

Steps to Reproduce:
1. Set proxy settings in /etc/sysconfig/rhn/up2date
2. Set proxy setting in /etc/yum.conf
3. yum update

Actual results:

failed to retrieve repodata/repomd.xml from soe-rhel-x86_64-server-7
error was [Errno 14] curl#7 - "Failed connect to ((satellite)):443; No route to host"


Expected results:

Download of repomd.xml file via proxy.

Additional info:

Cannot reproduce with RHEL 7 system using subscription-manager.

Strace of connect calls:

$ grep "^connect.*AF_INET" ~/Downloads/strace.out 
connect(5, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("((dns server))")}, 16) = 0
connect(5, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("((dns server))")}, 16) = 0
connect(5, {sa_family=AF_INET, sin_port=htons(3128), sin_addr=inet_addr("((proxy server))")}, 16) = -1 EINPROGRESS (Operation now in progress)
connect(10, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("((satellite server))")}, 16) = -1 EINPROGRESS (Operation now in progress)
connect(14, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("((dns server))")}, 16) = 0
connect(14, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("((dns server))")}, 16) = 0
connect(14, {sa_family=AF_INET, sin_port=htons(3128), sin_addr=inet_addr("((proxy server))")}, 16) = -1 EINPROGRESS (Operation now in progress)
connect(15, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("((satellite server))")}, 16) = -1 EINPROGRESS (Operation now in progress)
connect(14, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("((dns server))")}, 16) = 0
connect(14, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("((dns server))")}, 16) = 0
connect(14, {sa_family=AF_INET, sin_port=htons(3128), sin_addr=inet_addr("((proxy server))")}, 16) = -1 EINPROGRESS (Operation now in progress)
connect(15, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("((satellite server))")}, 16) = -1 EINPROGRESS (Operation now in progress)
connect(14, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("((dns server))")}, 16) = 0
connect(14, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("((dns server))")}, 16) = 0
connect(14, {sa_family=AF_INET, sin_port=htons(3128), sin_addr=inet_addr("((proxy server))")}, 16) = -1 EINPROGRESS (Operation now in progress)
connect(15, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("((satellite server))")}, 16) = -1 EINPROGRESS (Operation now in progress)
Comment 2 Paul Wayper 2014-11-18 04:26:30 UTC 
I have a theory about why this occurs:

From URLgrabber's definition of the 'proxies' keyword argument:

proxies = None
 
    a dictionary that maps protocol schemes to proxy hosts. For
    example, to use a proxy server on host "foo" port 3128 for http
    and https URLs:
      proxies={ 'http' : 'http://foo:3128', 'https' : 'http://foo:3128' }
    note that proxy authentication information may be provided using
    normal URL constructs:
      proxies={ 'http' : 'http://user:host@foo:3128' }
    Lastly, if proxies is None, the default environment settings will
    be used.

The code in rhnplugin.py contains this fragment:

    proxy_dict = {}
    try:
        proxy_url = get_proxy_url(up2date_cfg)
        if proxy_url:
            proxy_url = proxy_url.encode(locale.getpreferredencoding())
            if up2date_cfg['useNoSSLForPackages']:
                proxy_dict = {'http' : proxy_url}
            else:
                proxy_dict = {'https' : proxy_url}

Passing an empty dictionary is not treated as 'None' - so instead of 'the default environment settings [being] used', we get 'use no proxies at all and go directly'.

This would explain why the problem occurs even if the proxy is set in the environment.

Still examining the code to test this hypothesis.
Comment 3 Paul Wayper 2014-11-19 05:49:48 UTC 
I'm not so sure of the above hypothesis, but my research continues.  The two main methods of getting information for this are:

strace -e trace=connect yum install ${package}

env URLGRABBER_DEBUG=1 yum install ${package} 2> /tmp/urlgrabber.log
Comment 4 Paul Wayper 2014-11-20 21:57:22 UTC 
OK, I've got a bit of progress.

On the non-working systems, the 'proxies' dict in the URLgrabber structure has the proxy recorded under the 'HTTPS' key.  No idea why that's upper case, except maybe:

spacewalk/client/rhel/yum-rhn-plugin/rhnplugin.py:83:
            proxy_url = proxy_url.encode(locale.getpreferredencoding())

On my test RHEL 7 system that isn't using the RHN plugin, the proxies dict gets the proxy information in the 'http', 'https', and 'ftp' keys.

I'm currently testing commenting out the proxy information in the /etc/sysconfig/rhn/up2date file, putting the proxy information in the /etc/yum.conf file, and seeing if that fixes things.

Hope this helps,

Paul
Comment 5 Peter Gervase 2014-11-28 19:27:47 UTC 
Customer posted:

"[root@extlin7 ~]# export http_proxy=1.10.100.1
[root@extlin7 ~]# env | grep -i proxy
http_proxy=1.10.100.1
[root@extlin7 ~]# strace -o /tmp/strace.yum -s 99999  yum upgrade
Plugin "product-id" can't be imported
Loaded plugins: langpacks, rhnplugin
There was an error communicating with RHN.
Red Hat Satellite or RHN Classic support will be disabled.
Error communicating with server. The message was:
Unable to connect to the host and port specified
There are no enabled repos.
 Run "yum repolist all" to see the repos you have.
 You can enable repos with yum-config-manager --enable <repo>
[root@extlin7 ~]# grep 1\.10\.100\.1 /tmp/strace.yum 
[root@extlin7 ~]#


I also tried a fresh install of RHEL7... and run into the same problem..."
Comment 6 Paul Wayper 2014-12-02 21:30:57 UTC 
Thanks for that Peter.

I'm not sure what the intended behaviour of yum is with a proxy set in the environment but not in the /etc/yum.conf.

Situations we've tested so far:

A) setting proxy in /etc/yum.conf and /etc/sysconfig/rhn/up2date
B) setting proxy in /etc/yum.conf, /etc/sysconfig/rhn/up2date and environment
C) setting proxy only in /etc/yum.conf
D) setting proxy only in environment

All of these fail to go through the proxy for some critical requests.  A and B seem to use the proxy for some requests but not others.

In situation B we see the proxy dict with one entry: 'HTTPS': 'proxy.dns.name:port'.  When running on a working system we see three entries in the proxy dict: 'http', 'https' and 'ftp' all referring to the same host and port.  Because urlgrabber looks for the 'http' and 'https' entries and the matching is case sensitive, it doesn't work when only 'HTTPS' is set.

urlgrabber is able to pick up proxy information in the environment if it's not already set, but this behaviour is being overridden from within yum-rhn-plugin.

Hope this helps,

Paul
Comment 8 Jan Dobes 2015-05-28 11:07:06 UTC 
please use more recent version of yum-rhn-plugin

(In reply to Paul Wayper from comment #0)
> Version-Release number of selected component (if applicable):
> 
> yum-rhn-plugin-2.0.1-4.el7.noarch
> yum-3.4.3-118.el7.noarch
>

*** This bug has been marked as a duplicate of bug 1115516 ***